From 96e8ee0119f62e16bb7eeb843e4eb3310dceece4 Mon Sep 17 00:00:00 2001 From: wanggeng888 <450292408@qq.com> Date: Fri, 16 Jul 2021 18:11:21 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E1.0.2=E5=BF=AB=E7=85=A7?= =?UTF-8?q?=E7=89=88=E6=9C=AC=EF=BC=8C=E5=8F=AA=E4=BF=9D=E7=95=99=E8=8F=9C?= =?UTF-8?q?=E5=8D=95=E3=80=81=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 8 +- .../service/UserDetailServiceImpl.java | 25 +- .../rbac/impl/UserRbacServiceImpl.java | 214 +----------------- 3 files changed, 10 insertions(+), 237 deletions(-) diff --git a/pom.xml b/pom.xml index 35e07c7..310e257 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,7 @@ 5.1.4.RELEASE 8.0.16 1.1.9 - 1.0.1-SNAPSHOT + 1.0.2-SNAPSHOT @@ -101,7 +101,7 @@ com.cm cloud-common-websocket - 1.0.1-SNAPSHOT + ${cm-cloud.version} @@ -113,7 +113,7 @@ com.cm cloud-common-dingding - 1.0.1-SNAPSHOT + ${cm-cloud.version} @@ -147,7 +147,7 @@ com.cm cloud-central-control-client - 1.0.1-SNAPSHOT + ${cm-cloud.version} diff --git a/src/main/java/com/cm/serviceusercenter/service/UserDetailServiceImpl.java b/src/main/java/com/cm/serviceusercenter/service/UserDetailServiceImpl.java index bdf4c04..591cef6 100644 --- a/src/main/java/com/cm/serviceusercenter/service/UserDetailServiceImpl.java +++ b/src/main/java/com/cm/serviceusercenter/service/UserDetailServiceImpl.java 
@@ -1,38 +1,24 @@
 package com.cm.serviceusercenter.service;
 import com.alibaba.fastjson.JSONObject;
-import com.cm.common.enums.RoleDataAuthorityEnum;
-import com.cm.common.exception.SaveException;
 import com.cm.common.exception.SearchException;
-import com.cm.common.exception.UpdateException;
-import com.cm.common.plugin.pojo.vos.authority.AuthorityUserVO;
-import com.cm.common.plugin.service.authority.IAuthorityService;
 import com.cm.common.pojo.bos.*;
-import com.cm.common.utils.DateUtil;
-import com.cm.common.utils.RequestUtil;
-import com.cm.common.utils.UUIDUtil;
 import com.cm.serviceusercenter.exception.UserAuthenticationException;
-import com.cm.serviceusercenter.pojo.dtos.DepartmentUserDTO;
-import com.cm.serviceusercenter.pojo.dtos.role.RoleDataAuthorityDTO;
 import com.cm.serviceusercenter.pojo.pos.UserPO;
-import com.cm.serviceusercenter.service.logger.ILoginLoggerService;
 import com.cm.serviceusercenter.service.system.department.IDepartmentService;
 import com.cm.serviceusercenter.service.system.group.IGroupService;
 import com.cm.serviceusercenter.service.system.position.IPositionService;
 import com.cm.serviceusercenter.service.system.role.IRoleService;
 import com.cm.serviceusercenter.service.system.user.IUserService;
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
-import javax.servlet.http.HttpServletRequest;
 import java.util.*;
 /**
@@ -94,8 +80,6 @@ public class UserDetailServiceImpl implements UserDetailsService {
 LOG.debug("设置相关添加权限");
 Set grantedAuthorities = new LinkedHashSet<>();
 if (USERNAME_ADMIN.equals(username)) {
- grantedAuthorities.add(new RoleGrantedAuthority(rolePrefix + "ALL"));
- grantedAuthorities.add(new RoleGrantedAuthority(roleGroupPrefix + "ALL"));
 userBO = createUserBO(userPO, grantedAuthorities);
 } else {
 LOG.debug("设置部门状态");
@@ -112,10 +96,10 @@ public class UserDetailServiceImpl implements UserDetailsService {
 List roleBOs = roleService.listRoleBOByUser(params);
 roleService.setGroupRoles(groupBOs, roleBOs);
 roleService.removalDuplicateRole(roleBOs);
- grantedAuthorities.addAll(loadRoleAuthority(roleBOs));
- // roleService.setRoleMenus(roleBOs);
- if (grantedAuthorities.isEmpty()) {
- throw new UserAuthenticationException(username + "用户无任何权限");
+ // grantedAuthorities.addAll(loadRoleAuthority(roleBOs));
+ roleService.setRoleMenus(roleBOs);
+ if (roleBOs.isEmpty()) {
+ throw new UserAuthenticationException(username + "用户无任何角色权限");
 }
 userBO = createUserBO(userPO, grantedAuthorities);
 userBO.setRoles(roleBOs);
@@ -151,6 +135,7 @@ public class UserDetailServiceImpl implements UserDetailsService {
 * @param roleBOs
 * @return
 */
+ @Deprecated
 private List loadRoleAuthority(List roleBOs) {
 List grantedAuthorities = new ArrayList<>();
 if (null != roleBOs && !roleBOs.isEmpty()) {
diff --git a/src/main/java/com/cm/serviceusercenter/service/rbac/impl/UserRbacServiceImpl.java b/src/main/java/com/cm/serviceusercenter/service/rbac/impl/UserRbacServiceImpl.java
index 14ac197..ad4f952 100644
--- a/src/main/java/com/cm/serviceusercenter/service/rbac/impl/UserRbacServiceImpl.java
+++ b/src/main/java/com/cm/serviceusercenter/service/rbac/impl/UserRbacServiceImpl.java
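Review bot: With the two `_ALL` authorities dropped from the admin branch and the `loadRoleAuthority` call commented out, `grantedAuthorities` is empty when it reaches `createUserBO(userPO, grantedAuthorities)` in both branches (unless the lines between the two hunks, which are outside this view, add to it), so every principal built here — admin included — carries no `GrantedAuthority`, and the old `grantedAuthorities.isEmpty()` rejection has become a `roleBOs.isEmpty()` check that the admin branch never reaches. Anything still consulting the authorities collection (Spring `hasRole`/`hasAuthority` expressions, or the `_ALL` superuser shortcut that `UserRbacServiceImpl` used to apply) will now see admin and ordinary users as identical; if authority-based decisions are intentionally abandoned in 1.0.2, say so next to the set, e.g. `// 1.0.2: authorities are no longer populated; access decisions come from userBO.getRoles() (menus/data permissions) only`. Rather than `@Deprecated` on a private method that nothing calls any more, delete `loadRoleAuthority` together with the commented-out call — dead code on an authorization path is a trap for the next change. The enclosing method starts and ends outside these hunks.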
@@ -1,22 +1,15 @@
 package com.cm.serviceusercenter.service.rbac.impl;
 import com.cm.common.config.properties.AccessControl;
-import com.cm.common.pojo.bos.PermissionBO;
-import com.cm.common.pojo.bos.RoleGrantedAuthority;
-import com.cm.common.pojo.bos.RoleMenuBO;
 import com.cm.serviceusercenter.service.rbac.IRbacService;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
-import org.springframework.util.AntPathMatcher;
 import javax.servlet.http.HttpServletRequest;
-import java.util.Collection;
-import java.util.List;
 import java.util.Objects;
 /**
@@ -32,218 +25,13 @@ import java.util.Objects;
 @Component("userRbacService")
 public class UserRbacServiceImpl implements IRbacService {
- private static final Logger LOG = LoggerFactory.getLogger(UserRbacServiceImpl.class);
- /**
- * 根路径
- */
- private static final String ANT_PATH_BASE = "/";
- @Autowired
- private AccessControl accessControl;
-
 @Override
 public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
- boolean hasPermission = false;
 Object principal = authentication.getPrincipal();
 if (Objects.isNull(principal) || StringUtils.equals("anonymousUser", principal.toString())) {
 return false;
 }
- String requestURI = request.getRequestURI();
- Collection grantedAuthorities = authentication.getAuthorities();
- AntPathMatcher antPathMatcher = new AntPathMatcher();
- String contextPath = request.getContextPath();
- for (GrantedAuthority grantedAuthority : grantedAuthorities) {
- // 权限类型错误,认证失败
- if (!(grantedAuthority instanceof RoleGrantedAuthority)) {
- return false;
- }
- RoleGrantedAuthority roleGrantedAuthority = (RoleGrantedAuthority) grantedAuthority;
- if (StringUtils.contains(roleGrantedAuthority.getAuthority(), "_ALL")) {
- LOG.debug("权限校验URI:{},当前用户为最高管理员,有所有权限", requestURI);
- hasPermission = true;
- break;
- }
- // 放行权限
- if (hasPassPermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
- LOG.debug("权限校验URI:{},有新增权限", requestURI);
- hasPermission = true;
- break;
- }
- // 新增权限
- if (hasSavePermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
- LOG.debug("权限校验URI:{},有新增权限", requestURI);
- hasPermission = true;
- break;
- }
- // 删除权限
- if (hasDeletePermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
- LOG.debug("权限校验URI:{},有删除权限", requestURI);
- hasPermission = true;
- break;
- }
- // 修改权限
- if (hasUpdatePermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
- LOG.debug("权限校验URI:{},有修改权限", requestURI);
- hasPermission = true;
- break;
- }
- // 查询权限
- if (hasQueryPermission(contextPath, requestURI, roleGrantedAuthority, antPathMatcher)) {
- LOG.debug("权限校验URI:{},有查询权限", requestURI);
- hasPermission = true;
- break;
- }
- }
- return hasPermission;
- }
-
- /**
- * 放行权限
- *
- * @param uri
- * @param roleGrantedAuthority
- * @param antPathMatcher
- * @return
- */
- private boolean hasPassPermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
- if ((contextPath + ANT_PATH_BASE).equals(uri)) {
- return true;
- }
- List passPaths = accessControl.getPassPaths();
- for (String passPath : passPaths) {
- if (antPathMatcher.match(contextPath + passPath, uri)) {
- return true;
- }
- }
- return false;
- }
-
- /**
- * 接口的新增权限
- *
- * @param uri
- * @param roleGrantedAuthority
- * @param antPathMatcher
- * @return
- */
- private boolean hasSavePermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
- // 匹配接口权限
- for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionInsert()) {
- if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
- return true;
- }
- }
- List savePaths = accessControl.getSavePaths();
- // 匹配接口
- for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getSaveMenu()) {
- for (String savePath : savePaths) {
- if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + savePath, uri)) {
- return true;
- }
- if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + savePath, uri)) {
- return true;
- }
- if (!StringUtils.isBlank(roleMenuBO.getRoutePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getRoutePrefix() + savePath, uri)) {
- return true;
- }
- }
- }
- return false;
- }
-
- /**
- * 接口的删除权限
- *
- * @param uri
- * @param roleGrantedAuthority
- * @param antPathMatcher
- * @return
- */
- private boolean hasDeletePermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
- // 匹配接口权限
- for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionDelete()) {
- if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
- return true;
- }
- }
- List deletePaths = accessControl.getDeletePaths();
- // 匹配接口
- for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getDeleteMenu()) {
- for (String deletePath : deletePaths) {
- if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + deletePath, uri)) {
- return true;
- }
- if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + deletePath, uri)) {
- return true;
- }
- }
- }
- return false;
- }
-
- /**
- * 接口的修改权限
- *
- * @param uri
- * @param roleGrantedAuthority
- * @param antPathMatcher
- * @return
- */
- private boolean hasUpdatePermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
- // 匹配接口权限
- for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionUpdate()) {
- if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
- return true;
- }
- }
- List updatePaths = accessControl.getUpdatePaths();
- // 匹配接口
- for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getUpdateMenu()) {
- for (String updatePath : updatePaths) {
- if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + updatePath, uri)) {
- return true;
- }
- if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + updatePath, uri)) {
- return true;
- }
- if (!StringUtils.isBlank(roleMenuBO.getRoutePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getRoutePrefix() + updatePath, uri)) {
- return true;
- }
- }
- }
- return false;
- }
-
- /**
- * 接口的查询权限
- *
- * @param uri
- * @param roleGrantedAuthority
- * @param antPathMatcher
- * @return
- */
- private boolean hasQueryPermission(String contextPath, String uri, RoleGrantedAuthority roleGrantedAuthority, AntPathMatcher antPathMatcher) {
- // 匹配接口权限
- for (PermissionBO permissionBO : roleGrantedAuthority.getPermissionQuery()) {
- if (antPathMatcher.match(permissionBO.getPermissionUrl(), uri)) {
- return true;
- }
- }
- List queryPaths = accessControl.getQueryPaths();
- // 匹配接口
- for (RoleMenuBO roleMenuBO : roleGrantedAuthority.getQueryMenu()) {
- for (String queryPath : queryPaths) {
- if (!StringUtils.isBlank(roleMenuBO.getApiPrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getApiPrefix() + queryPath, uri)) {
- return true;
- }
- if (!StringUtils.isBlank(roleMenuBO.getResourcePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getResourcePrefix() + queryPath, uri)) {
- return true;
- }
- if (!StringUtils.isBlank(roleMenuBO.getRoutePrefix()) && antPathMatcher.match(contextPath + roleMenuBO.getRoutePrefix() + queryPath, uri)) {
- return true;
- }
- }
- }
- return false;
+ return true;
 }
 }
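Review bot: `hasPermission` now grants access to every principal that is not null and not `"anonymousUser"`, regardless of role or request URI — the `_ALL` superuser shortcut, the `AccessControl` pass paths and the per-role insert/delete/update/query matching are all gone and nothing in the hunk delegates the decision elsewhere, so every authenticated caller passes for every endpoint routed through this `IRbacService` bean. The commit title says only menu and data permissions are kept, but unless another filter or the caller of `hasPermission` enforces those menu permissions, this is an authorization bypass rather than a narrowing; if "authenticated is enough" really is the 1.0.2 contract, state it on the method, e.g. `/** 1.0.2: authorization here is reduced to "caller is authenticated"; endpoint-level (menu/data) checks are enforced elsewhere. */`, and consider keeping the cheap `_ALL`/pass-path branch so the contract is not silently weakened. The remaining anonymous test compares `principal.toString()` with `"anonymousUser"`; `authentication instanceof AnonymousAuthenticationToken` is the Spring Security idiom and does not depend on the principal's string form. The `Logger`, `LoggerFactory`, `Autowired` and `AccessControl` imports kept by the earlier hunk are now unused once `LOG` and `accessControl` are removed and should go as well.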